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(54) Certification of cryptographic keys for chipcaitis 

(57) The invention relates to a procedure for the cer- 
tification of cryptographic keys for chipcards. In this pro- 
cedure, a certification-key and a certificate are 
transferred to the chipcard. The first part of the certifi- 
cate includes the cryptographic key and the second part 
of the certificate includes a digital signature of the first 
part of the certificate. The digital certificate is subse- 
quently checked by means of the certification-key on the 
chipcard. 
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Description 

The invention relates to the certification of cryptographic keys for chipcards. 

The protection and confidential retention of data in a chipcard constitutes one of the principle advantages com- 
pared with other forms of data earners such as magnetic *ip cards or (fiskettes. For this reason, a fbmi of chip hard- 
ware tailored to this purpose and varioi^ cryptographic procedures are necessary. 

Amongst cryptographic procedures it is possible to distinguish between symmetrical and symmetrical procedures. 
In the case of a symmetric cryptographic procedure, there exi^ just one key which is used both for encocfing and 
decocfing the data which can be exchanged with the chipcard. This key must be kept secret as anyone who knows this 
key can also read information consisting of the encoded data. This gives rfee to the problem of how thfe key can be 
exchanged between the communicating partners. It Is not possible to pass on the key over public networi© because 
subsequentfy the key woukJ no longer be of a seaet nature. 

This pr(rt)lem is partially resolved by the assistance of asymmetric cryptographic procedures. In this situation there 
is a key V for encoding and a key E for decoding. The particular point here \s tiiat only one of the two keys has to be 
kept seaet The key V Is known to the general public while the key E is secret. If the sender wishes to send a secret 
message to a receving party, he uses the puWidy-known key V to encode the infomriation. When the receiving party 
receives the encoded infonnation. he can decode it with the aid of secret Key E. Naturally, the reverse situation is also 
conceivable where the Key V is secret and the Key E is known to the general public. 

The asymmetric ayptographic procedures solve the problem of exchanging the keys. However, a new problem then 
arises. The auttiemicity of the publicly-known key must be checked. This takes place by the publicly-known key being 
certified by a trustworthy authority. To this end. a certificate is produced which demonstrates the following conponent 
parts: 

A publicly-known key 

- The name of the owner of the publicly-known key 

The applications / application areas for which this publicly-known key may be used, and 
A digital signature of the trustworttiy authority. 

From an irrformation-technology point of view, ttie digital signature amounts to a kind of cryptographic check-sum 
of the other components of tiie certificate similar to a MAC (Message Authentication Code) through a prescribed data 
string. The trustworthy authority uses tiie digital signature to confirm that tfie elements of data (conponents) in tfie cer- 
tificate belong to one another. 

There is a standard for the construction and format of a certificate, namely X.509. This Standard arose in associa- 
tion with large data banks and therefore presupposes access to computers with high perfbnnance capacities The eval- 
uation of an X.509 Certificate with the aid of tfie processor of a chipcard is not possible. 

Therefore, in the use of asymmetric cryptographic procedures with chipcards, the chipcard only serves in the first 
place for the retention of a key. Against this, authorisation for ttie use of tiiis key with the asymmetric cryptographic pro- 
cedure IS achieved outskJe the chipcard by using a computer witii a larger computing capacity. 

It is the task of the present invention to create an improved opportunity for ttie certification of cryptographic keys for 
chipcards. 

This task is discharged by the technical principles revealed in the independent Claims 1 and 1 7. 

The essential advantage which is attained by the invention as compared with the current state of the art is that a 
certifying cryptograph^ key can be incorporated in the chipcard. In this way. the functionality of asymmetric crypto- 
graphic procedures is completely integrated in chipcards. A new level of security is generated and the area of possible 
applications for chipcards is extended. This is achieved by means of a certificate which is simple in its structure, is tailor- 
made for chipcards and which can be used in a certification procedure which is capable of being carried out on chip- 
cards 

An extension of tiie invention provides tiiat the checking of the digital signature on the chipcard embraces the fol- 
lowing steps: the conversion of the digital signature on the chipcard by means of the certification-key; the generation of 
an electronic fingerprint for the first part of the certificate; and tiie comparison of tfie converted digital signature witti tfie 
electronic fingerprint of tfie first part of the certificate. In tfiis manner, non-encoded data is advantageously comoared 
encrypted and decrypted. 

The checking of the digital signature on tfie chipcard can suitably include tfie following steps: ttie production of an 
electronic fingerprint in tfie first part of ttie certificate; conversion of tfie electronic fingerprint by means of the certifica- 
tion-key and a set of equations; and comparison of tfie converted electronic fingerprint witii a reference value which is 
transferred to the chipcard witfi tfie certificate. 
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In this way, the encoding- and decoding operations are eliminated since uncoded data is used in the equations. 

By means of an appropriate appftcation of the invention, the OTptographic key is marked as a certificated key in the 
case when in the course of checking the digital signature, the latter is verified as the digital signature of the first part of 
the certificate. It can be made certain in this way that only those keys whic^ have been correctly transferred to the chip- 
cards and correctly stored in the chipcards can be used as certificated keys. Because of the marking, when a crypto- 
graphic key is being used, the status of the cryptographic key can be determined with very little effort. 

A check can advantageously be made to estabCsh whether or not the certification-key for certifying the crypto- 
grapWc key can be used. This ensures that to certify cryptographic keys, exclusively only those certif toation keys can 
be used, whidi themselves have been previously certified for this purpose by a ' trustworthy authorit/. 

An advantageous fonm of the invention provides that the certificated k^ is used tor the execution of security-sen- 
sitive instructions, whereby the security standard of a chipcard is improved. 

The certificated key can usefully be used as a further certification-key for the certification of a further cryptographic 
key. In this way, any kind of certification chain can be produced. 

An advantageous extension of the invention provkles that ttie cryptographic k^ can be used for ttie execution of 
non-security-sensitive instructions after the certificate has been transfenred to the chipcard. This makes it possible to 
integrate the cryptographic key into feasible applications of ttie chipcard even before ttie conclusion of the certification. 

A hash-value can advantageously be calculated by means of ttie hash-algoritiim during the production of eittie' ttie 
digital signature of the first part of ttie certificate or ttie electronic fingerprint of ttie first part of the certificate. This com- 
presses ttie data to be processed during ttie certification activity and subsequentiy ttiis data can be processed with less 
expenditure of time and effort in the course of further certification procedures. 

By means of an advantageous form of tine invention, it can be provided ttiat tfie first and second parts of ttie certif- 
icate are transferred to ttie chipcard independentiy of one another, ttius rendering illegal access to ttie certificate more 
difficult Furtiia-more. witti ttie aid of ttie separated transfer activities, ttie processing of ttie certificate on tfie chipcard 
can be given a more efficient form. In particular, one part of the certificate can be processed off-line while the other part 
is processed on-line. 

A useful extension of ttie invention can be formed in such a way that ttie first part of ttie certificate includes admin- 
istrative data. In particular, ttiis makes it possible for tiie limiting conditions for ttie use and application of ttie crypto- 
graphic key to be determined. 

In a useful form of the invention, ttie cryptographic key is assigned by the administrative data to one or more appli- 
cations of ttie chipcard whereby ttiose applications for which ttie key may be used can be ascertained in an unambigu- 
ous manner Any misuse of ttie cryptographic key for ottier applications is thereby prevented. 

An advantageous form of ttie invaition provides ttiat during personalisation of ttie chpcard, the certification -key is 
transferred to ttie latter witti ttie result that ttie certification key togettier witti ottier security-relevant data is loaded onto 
the chipcard. 

The marking of ttie cryptographic key as a certificated key can advantageously be effected by ttie placement of a 
bit in a status-byte of ttie cryptographic key. This illustrates a possibility for marking ttie certified key which can easily 
be evaluated by ttie processor of ttie chipcard. 

By means of an advantageous form of ttie inventton. it can be provided ttiat tfie marking of ttie cryptographic key 
as a certified key can be candied out by entering the cryptographic key in a table on ttie chipcard. In this way, all certifi- 
cated keys can be stored in ttie chipcard in a manner which can be inspected. 

The marking of the cryptographic key as a certified key can be usefully candied out by storing ttie cryptographic key 
in a particular memory storage area of ttie chipcard. In order to use ttiis cryptographic key at a later date, ttiis calls for 
an exclusive reference to the particular memory storage area. 

The dependent subordinate claims of Qaim 17 demonstrate ttie advantages of ttie corresponding procedure 
claims which are dependent upon ttiem. 

An advantageous extension of the invention provides ttiat ttie administrative data includes an indication of a patti 
of a memory storage area on the chipcard, whereby the cryptographic key is exclusively sloraWe in ttiis area of memory 
storage. In ttiis way, a definite area of memory storage on ttie chipcard which adequately satisfies security standards 
can be assigned to the cryptographic key. 

In what follows, an example of an application of ttie invention is explained in greater detail by reference to a draw- 
ing: 

In ttiis context. Rg. 1 shows a sequence diagram of a certification procedure. 

Certificates, which are used on a chipcard in accordance witti ttie invention-based certification of ayptographic 
keys exhibit two parts: A first part which includes ttie actual data inclusive of ttie cryptographic key and a second part, 
the digital signature of ttie data from ttie first part 

As shown in Rg. 1, the first part of ttie certificate is produced in the course of a certification procedure. The first 
part refers to components as shown in Table I. 
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Table I 



Components 


Byte 


Description 


1 


0 


Bit7: 


0 = seaet key 








1 = p\Mc key 






Bit 6 -0: key id^ication 


. 2 


1 


Algoiithnrhidentif Nation 


3 


2 


H^h-algorfthm-identification 


4 


3 


Padding-algorithm-identification 


5 


4 


Use Byte 0 




6 


5 


Use Byte 1 




7 


7 


Nominal key length in bits 


8 


9 


Length of a data t)lock 


9 


10 


Length of a signature 


10 


11 


Length of the user Information 


11 


12 


Items of user information 


12 


13 


Length of the key data 


13 


15 


Key data 





By means of Component 1 of the certificate it is shown whether the certificating cryptographic key is a public or a 
secret key. Furthermore, Component 1 of the first part erf the certificate also displays a key identification, ft indicates per- 
mitted applications of the cryptographic key held in the certificate. If, following the completion of a successful certifica- 
tion, the cryptographic key is used in canTing out a specific application, this key identification is challenged and 
inspected to <^eck that the certificated key can be used for the specific application. Depending upon the outcome of 
this intenrogation, either the cryptographic key can be used or an error announcement is given. 

With tiie aid of the following Components 2, 3 and 4, algorithm-identifications are given. Component 2 indicates the 
asymmetric cryptographic procedures for which the key to be certified is suitable. When the certificated key is 
enployed. for exanrple, a hash-algorithm and/or a padding algorithm can be used. This is determined with the aid of 
Components 3 and 4. The purpose of the hash-algorithm is to compress the data. The compression is can-ied out 
before the actual encoding/decoding takes place. By using the padding-algoritfim. data can be extended to fill up any 
necessary block length. 

With tiie aid of Components 5 and 6, application areas of the cryptographic key can be established. For example, 
with the aid of Conponent 5, it can be ascertained that the cryptographic key may only be used exclusively for the pro^ 
duction of electronic signatures. Component 7 advises the length in bits of the cryptographic key, which is to be certifi- 
cated with the aid of the certificate. Components 8, 9 and 10 make it possible to transfer block-length data to a user of 
the cryptographic key. 

Component 1 1 supplies text infonnation about the cryptographic key. In particular, this can relate to application-or 
security advice for the user. Conponent 12 indicates the actual length of the cryptographic key to be certified. Data 
relating to the key are to be found in Component 13. 

After the first part of tiie certificate has been produced in accordance with Table I, the operation continues in 
accordance wrtti Rg. 1 witii the preparation of the second part of the certificate. To do this, an electronic signature of 
the first part of tiie certificate is produced. An electronic signature serves, principally, to establish the authenticity of 
electronically-transferred information or of electronic documents. In the case of certification procedures in accordance 
with the invention, checking of tiie digital signature makes it possible to determine whether the certificate was frans- 
ferred to the chipcard without being modified. 

The sequence followed during the production of a digital signature may be illustrated as given below. A hash-algo- 
rithm is used to develop a hash-value from the first part of the certificate. The purpose of the hash-algorithm is to com- 
press the data forming the first part of the certificate. The hash-value is also described as the finger-print of tiie relevant 
data. After this, the hash-value is decoded witfi a crypto-algorithm, for example, the RSA. To decode this, one uses the 
secret key of a pair of keys which is entered as part of ttie appropriate certification procedure. The public key of this pair 
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of keys, i.e of the certification keys, is found on the chip card The reason for a decoding operation during the prepara- 
tion of a digital signature is based upon the convention that with the RSA-algorithm, the seaet key is always used for 
decoding and the public key is always used for encocfing. The result of the decoding operation is the* actual signature 
which is the content of the second part of the certificate. 
5 The procedure foUowed in accordance with the invention can also be carried out in an advantageous manner with 
any other chosen procedure on the basts of a pair of keys containing a seaet and a public key. Pairs of keys can also 
be used, during the appDcation of whic^ no explicit decoding/encoding is canied out In particular, procedures in which 
the resolving of a niattiematical equation for the parameters hash-value, secret key and public key is the pre-requisite 
for carrying out the asymmetrical procedure can be used. 
10 After the first and second parts of the certificate have been generated, botti can be transferred to the chipcard. The 
two parts of the certificate can be transferred to the chipcard together or independentiy of one another. Separated trans- 
fer procedures have the advantage tiiat the amounts of data to be transferred to the relevant processes are smaller and. 
consequently, these quantities of data are easier to process. 

After the first part of the certificate has been stored in the chipcard. the cryptographic key held there can first be 
15 used for the non-aitical. non-security-sensitive operations on the ch^xard. These non-critical operations include, in 
particular, the simple checking of a digital signature where in this case, the result of the checking activity will only be 
passed to an item of equipment which is in communication with the chipcard. but where, however, no change of status 
or any other changes take place in the card. 

As shown in Rg. 1 , during the ne)ct step, a search is made for a certification key in the card. This certification key 
20 IS the public key of the stated pair of keys and must be authorised to release tiie certification and must, itself, already 
have been certificated. This means that it must be completely integrated in the chipcard. Preferably, the certification key 
should be installed and certified by the issuer of the card in the context of the personalisation of the chipcard. However 
certification keys can ateo be introduced into the ch^jcard at a later date after the personalisation activity has been com- 
pleted. The pre-requisite is that the certification key is applied to the chipcard in circumstances which satisfy the appro- 
25 priate security Standards. 

After the check has been made to ensure that tfie certif ication-key for the certification of the certificate transferred 
to the chipcard may be used, the second part of the certificate which constitutes the digital signature is converted with 
the aid of the certification key. For tfiis operation, the digital signature is encoded in accordance with the convention of 
the RSA-algorithm. The result of tiie calculation is a hash-value. 
30 Furthermore, tiie fingerprint of the first part of the certificate, which is similarly a hash-value, is calculated on the 
chipcard. The fingerprint is then compared with the result of the encoding operation desaibed in the foregoing section. 
If both agree with one anottier the cryptographic-key contained in the certificate is marked as a certificated key 

Oher cryptographic procedures may be used to test that tfie transfer of the certificate to tiie chipcard has been 
property carried out and then to certify ttie transferred key. For exanple. the known DSA-procedure(DSA-digital signa- 
ture algorithm) can be named. In this case, a value r is calculated for tiie first part of ttie certificate by means of the 
secret key of the pair of keys and other mathematical parameters using generally known equations. 

After the certificate has been transferred, tiie value r is used on tiie chipboard with tiie aid of further known equa- 
tions in combination with the transfen-ed certificate and the public key of tiie of tiie pair of keys to calculate a value v. If 
r and v agree with one another, the cryptographic key is marked as a certificated key. Use of the hash-algorrttim is also 
40 made when using the DSA-procedure. Still other asymmetric procedures can be used for the certification activity if tiiey 
guarantee the necessary standard of security. 

The marking of a cryptographic key as ' certificated' can be achieved, in particular, by means of placing a bit in a 
status-byte assoaated with the cryptographic key. However, other procedures for marking are conceivable. These 
include the storing of the cryptographic key in a specific memory area of the chipcard or the establishment of a list con- 
45 taining all the cryptographic keys which have been marked as certificated. 

The decision as to which form of marking will be chosen depends, in particular, upon the architecture of the relevant 
chipcard and its applications. 

After the marking activity for the cryptographic key has been completed, ttie certificated key can be used for tiie 
security-sensitive operations. The marking is inten-ogated on every occasion tiiat a cryptographic key is accessed 
50 Once tiie certification has been concluded, the certificated key is stored in the chipcard together with tiie accompanying 
data (see the components of the first part of tiie certificate). The accompanying data can be interrogated each time the 
key is accessed but also interrogated to provide information about tiie key. 

If a certificated key is required in order to carry out a security-sensitive operation on the chipcard, the required cryp- 
tographic key is only used for tiiat operation if its marking shows that a certificated key is involved. If ttie questioning of 
55 the marking produces a negative result. i.e. H is not a case of a certificated key. an error annoncement is given. In par- 
ticular, external authorisation fornis part of ttie security-sensitive operations. This involves checking of the identity and 
auttientidty of a communication partner of ttie chipcard. The chipcard and its communication partner (e.g. a terminal) 
mutually establish whether or not ttie communication partner is a genuine terminal or a genuine chipcard. 
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An essential advantage of the certificate in accordance with Table I is that with the akJ of informal data heW in the 
certificate, the cryptographic key can be assigned to a specific application. This is of great importance, particularty in 
the area of the chipcard because here cryptographic keys must be assigned to individual applications rather than to 
individual persons. These applications can, for example, include a group of similar automatic cash point machines. 

The digital determination of the application areas in the certificate (preferably by means of components 1 , 5 and 6) 
provides the opportunity of exduding the possibility of misusing the cryptographic key for other applications. 

If a certificated key is used in the context of carrying out a specific application, at the commencement of the access 
to this certificated key there will be a chaDenge as to whether the certificated key is authorised for the specific applica- 
tion. This can be done by means of the certificated information in the first part of the certificate. This information was 
stored in tiie chipcard together with the cryptographic key after certification had been completed. 

If data is included in the applications of the chipcard, thfe is present in the fbrnn of data files. These data f Bes pos- 
sess attributes which are determined, for example, by the party issuing the chipcard. Preferably, these attributes include 
a refererK^e to the key identification of the certified key which must be used for a specific operation with the relei/ant data 
files. This key identif icaton in the attribute must then agree with the key identificat' on of the certificated key (Conponent 
2 of the certificate). If this should not be the case, the operation is not earned out. In this way. any improper use of a 
certified key is prevented. 

Claims 

1 . Procedure for the certification of a ayptographic key for a chipcard, 
with the following procedural steps: 

a) Transfer of a certification-key to the chipcard. 

b) Transfer of a certificate to the chipcard. whereby a first part of the certificate includes the cryptographic key 
and a second part of the certificate includes a digital signature of the first part of the certificate, and 

c) Testing tiie digital signature by means of tiie certification-key on the chipcard. 

2. Procedure in accordance with Claim I characterised in that the testing of the digital signature on ttie chipcard 
Includes the following steps: 

c1) Conversion of the digital signature by means of the certification-key, 

c2) Production of an electronic fingerprint of the first part of tfie certificate, and 

c3) Comparison of the converted digital signature witti the electronic fingerprint of the first part of the certifi- 
cate. 

3. Procedure in accordance witii Claim I characterised in that ttie testing of the digital signature on the chipcard 
includes the following steps: 

c1) Production of an electronic fingerprint of the first part of the certificate. 

c2) Conversion of tiie electronic fingerprint by means of tiie certification-key and a set of equations, and 

c3) Comparison of the converted electronic fingerprint wrtii a reference value which is transfen-ed onto the 
chipcard with the certificate. 

4. Procedure in accordance witii Claim I distinguished by a further procedural step: 

Marking of tfie cryptographic key as a certified key in ttie event that when the digital signature is checked, this 
is verified as being ttie same as the digital signature of the first part of the certificate. 

5. Procedure in accordance with Claim 1 distinguished by a further procedural step: 

Checking whetiier or not the certification-key can be used to certify tiie cryptographic key 
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6. Procedure in accordance with Claim 4 distinguished by a further procedural step: 

Using the certificated key for carrying out security-sensftive ir^tructions. 

7. Procedure in accordance with Claim 1 characterised in that the certificated key is used as a further certification-key 
for the certification of a further cryptographic key. 

8. Procedure in accordance with Claim 1 characterised in that 

the cryptographic key can be used for the execution of a non-security-sensitive instruction after the certificate 
has been transferred to the chipcard. 

9. Procedure in accordance with Claims 2 or 3 characterised in that 

on each occasion when producing the digital signature of the first part of the certificate and when producing 
the electronic fingerprint of the first part of the certificate a hash-value is calculated by means of the hash-algo- 
rithm. 

10. Procedure in accordance with Claim 1 characterised in that 

the first part and second part of the certificate are transferred to the chipcard independently of one another 

11. Procedure in accordance with Claim 1 characterised in that 

the first part of the certificate includes administrative data. 

12. Procedure in accordance with Claim 1 1 characterised in that 

the cryptographic key is assigned to one or several applications of the chipcard by means of the administrative 
data. 

1 3. Procedure in accordance with Claim 1 . characterised in that 

the certification-key is transferred to the chipcard during personalisation of the chipcard. 

14. Procedure in accordance with Claim 4 characterised in that 

the marking of the cryptographic key as a certificated key is canried out by means of setting a bit in a status- 
byte of the cryptographic key. 

15. Procedure in accordance with Claim 4 characterised in that 

ttie marking of the cryptographic key as a certificated key is earned out by means of an entry of the crypto- 
graphic key in a table in the chipcard. 

16. Procedure In accordance with Claim 4 characterized in ttiat 

ttie marking of the ayptographic key as a certificated key is carried out by storing the cryptographic key in a 
given memory area of the chipcard. 

1 7- Certificate for certification of a cryptographic key for a chipcard, 
characterised by 

a first part and a second part whereby the two parts are separated from one another 

and whereby ttie first part includes the cryptographic key and tiie second part includes a digital signature of ttie 
first part 
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18. Certificate in accordance with Claim 17 characterised in that 

the certificate'is capable of being transferred to the chipcard and can be evaluated by a processor on the chip- 
card. 

19. Certificate in accordance with Claim 17 
characterised in that 

the first part of the certificate includes adnrtintstrative data. 

20. Certificate in accordance with Gaim 19 characterised in that 

the cryptographic key is capable of being assigned to one or several applications by the administrative data, 
and 

by means of the administrative data, it is possible to prevent any misuse of the cryptographic key for other 
applications which differ from the one or several applications. 

21 . Certificate in accordance with Claim 19, characterised in that the administrative data includes the indication of a 
path of a memory storage area on the chipcard, whereby the cryptographic key can be stored exclusively in this 
memory storage area. 
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